How to protect your company from 'zero-day' exploits

By Abhay Joshi, Top Layer Networks Inc.

March 1, 2004 12:00 PM ET

Computerworld - A "zero-day" exploit is any vulnerability that's exploited immediately after its discovery. This is a rapid attack that takes place before the security community or the vendor knows about the vulnerability or has been able to repair it. Such exploits are a Holy Grail for hackers because they take advantage of the vendor's lack of awareness and the lack of a patch, enabling the hacker to wreak maximum havoc.
Zero-day exploits are often discovered by hackers who find a vulnerability in a specific product or protocol, such as Microsoft Corp.'s Internet Information Server and Internet Explorer or the Simple Network Management Protocol. Once they are discovered, zero-day exploits are disseminated rapidly, typically via Internet Relay Chat channels or underground Web sites.
Why is the threat growing?
Although there haven't yet been significant zero-day exploits, the threat is growing, as evidenced by the following:

Hackers are getting better at exploiting vulnerabilities soon after discovery. It would typically take months for vulnerabilities to be exploited. In January 2003, the SQL Slammer worm exploit appeared eight months after the vulnerability was disclosed. More recently, the time between discovery and exploitation has been reduced to days. Just two days after Cisco Systems Inc. disclosed a vulnerability in its Internetworking Operating System software, exploits were seen; MS Blast was exploited less than 25 days after the vulnerability was disclosed, and Nachi (a variant of MS Blast) struck a week later.

Exploits are being designed to propagate faster and infect larger numbers of systems. Exploits have evolved from the passive, slowly propagating file and macro viruses of the early 1990s to more active, self-propagating e-mail worms and hybrid threats that take a few days or a few hours to spread. Today, the latest Warhol and Flash threats take only a few minutes to propagate.

Knowledge of vulnerabilities is growing and more are being discovered and exploited.

For these reasons, zero-day exploits are a scourge for most enterprises. A typical enterprise uses firewalls, intrusion-detection systems and antivirus software to secure its mission-critical IT infrastructure. These systems offer good first-level protection, but despite the best efforts of security staffers, they can't protect enterprises against zero-day exploits.
What to look for
By definition, detailed information about zero-day exploits is available only after the exploit is identified. To understand how to determine if your company has been attacked by a zero-day exploit, here is an example:
In March 2003, a Web server run by the U.S. Army was compromised by an exploit using a buffer-overflow vulnerability in WebDAV. This was before Microsoft was aware of the vulnerability, and hence no

Comments ()

Today's Top Stories

Additional Resources

WHITE PAPER

How Cloud Communications Reduce Costs and Increase Productivity

Small and midsize businesses are moving to the cloud to host their communications capabilities. Learn how enterprise-quality phone benefits, online management, conferencing, auto attendant, and ease of use are built into a system that is half the cost of a PBX.

Read now.

Free Insider Guide

IT Certification Study Tips: Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.

Security Resources

Case Study: Hospital Turns to Email Archiving Solution to Ensure Regulatory Compliances Read this case study to learn how a cloud-based email archiving solution enabled the hospital to meet government mandates and helps avoid thousands...
Case Study: In-the-Cloud Email Service Replaces Three Point Products Read this case study for more information on a comprehensive in-the-cloud email service to help replace three point products.
What does it take to deliver Security, Privacy and Trust at Mimecast? This whitepaper explains the process and controls that Mimecast put in place to deliver a secure, private and trusted SaaS platform for your...
Your Data under Siege: Defeating the Enemy of Complexity Even if you have adequate antivirus protection, are there still holes in your IT security armor? Is lack of bandwidth to manage the...

Live Webcast
Storage Validation at Go Daddy: Best Practices from the World's #1 Web Hosting Provider

Storage Validation at Go Daddy: Best Practices from the World's #1 Web Hosting Provider

Live Webcast
MFT and FileXpress - An Overview

Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.

Live Webcast
Bridging HTTP and FTP with FileXpress Internet Server

What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...

Bridging HTTP and FTP with FileXpress Internet Server What if you could take an FTP server on your internal network, and allow external users (partners or customers) to securely access it...
MFT and FileXpress - An Overview Business users and applications exchange files on a regular basis. File transfer is a core part of the flow of business activity.

All Security White Papers

Webcasts

IT Jobs

See All Jobs Post a job for $295

Jobs by SimplyHired

Security White Papers | All Security White Papers